Job Closed
This listing is no longer active.
Cloud Security Compliance Engineer
Location
United States
Posted
98 days ago
Salary
0
Seniority
Mid Level
Job Description
Cloud Security Compliance Engineer
itD Tech
This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.
Role Description
itD is seeking a Cloud Security Compliance Engineer (SOC 2 Automation) to lead the design and implementation of automated evidence collection and compliance processes that strengthen security governance and ensure audit readiness across cloud environments. This role will drive scalable compliance automation, streamline SOC 2 reporting efforts, and help maintain a strong security posture through efficient evidence management and cross-team collaboration. The ideal candidate will bring deep experience in cloud security compliance and automation and a track record of delivering reliable, audit-ready evidence pipelines that improve operational efficiency and reduce manual compliance overhead.
Location: Remote (United States)
Duration: 3 months
Responsibilities
- Design, develop, and maintain automated processes and tools to collect and manage evidence required for SOC 2 compliance.
- Establish and manage evidence retention policies and procedures to ensure alignment with SOC 2 requirements and audit standards.
- Develop and execute structured plans for collecting and organizing compliance evidence related to security controls, policies, and operational procedures.
- Collaborate with cross-functional teams to integrate automated evidence collection processes into existing systems and workflows.
- Maintain clear documentation of automation processes and produce detailed compliance reports to support audit readiness.
- Validate the accuracy and completeness of compliance evidence and work with internal stakeholders to resolve discrepancies or gaps.
- Identify opportunities to improve automation, reliability, and scalability of evidence collection and compliance reporting processes.
Internal Responsibilities
- Attend regular internal practice community meetings.
- Collaborate with your itD practice team on industry thought leadership.
- Complete client case studies and learning material (blogs, media material).
- Build out material to contribute to the Digital Transformation practice.
- Attend internal itD networking events (in person and virtual).
- Work with leadership on career fast-track opportunities.
Qualifications
- Experience designing and implementing automated processes for SOC 2 compliance evidence collection.
- Experience collecting and managing SOC 2 compliance evidence within a cloud security environment.
- Strong understanding of SOC 2 frameworks, security controls, and compliance requirements.
- Experience with cloud security and operations in Google Cloud Platform (GCP).
- Strong knowledge of GCP security best practices, controls, and compliance standards.
- Experience with scripting or automation tools such as Python or Go.
Preferred Qualifications and Skills
- Industry security certifications such as CISSP or CISM.
- Experience with security automation and compliance tooling.
- Familiarity with cloud workload protection and security monitoring platforms.
- Experience supporting security audits and compliance assessments.
Education
- Bachelor’s degree in Computer Science, Information Technology, or a related field required.
- Master’s degree preferred.
Benefits
- Comprehensive medical benefits.
- 401k plan.
- Paid holidays.
- More benefits available.
Company Description
About itD: We are part of a new generation of consulting and software development company that blends diversity, innovation, and integrity with real business results. Our structure rejects any strong hierarchy, empowering us to deliver excellent results. We are a woman- and minority-led firm. Every day, we challenge ourselves to be considerate, fair and to re-think what great outcomes mean for our customers. This permeates down to how we approach every interaction, on every project, for every client. You’ll thrive here if you are a dynamic self-starter, a difference-maker or someone who wants to deliver great results, without constraints.
The itD Digital Experience: Joining us means you’ll be part of our global community, you have a say about your own career journey, and you’ll get a chance to give back to causes that matter. You will experience working with Fortune 500 companies and high-performance teams across numerous industries. itD offers our employees excellent benefits such as medical, dental, vision, life insurance, paid holidays, 401K + matching, networking & career learning and development programs. We are growing and we want to see you grow!
More Security Engineer Jobs
Cybersecurity Intern
Circular Action Alliance
CAA is a U.S. Producer Responsibility Organization dedicated to implementing effective EPR laws for paper and packaging.
This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.
Role Description
The Cybersecurity Intern will support our small IT/security team in protecting staff, volunteers, and client data across our nonprofit systems and cloud services. This role is ideal for student or early-career professionals who want hands-on experience with Microsoft Defender, Cloudflare, 1Password, and security awareness platforms in a real production environment with limited budgets and high mission impact.
Key Responsibilities
- Monitor and triage security alerts from Microsoft Defender (endpoints, identity, and email) and escalate issues to the IT/security lead.
- Review Microsoft 365 and Azure AD sign-in logs and conditional access alerts for suspicious activity, such as impossible travel, risky sign-ins, and MFA failures.
- Assist with managing Cloudflare security, including reviewing DNS and bot protection events.
- Assist with managing 1Password for teams, including onboarding and offboarding users, organizing vaults, reviewing access permissions, and encouraging strong password and passkey practices.
- Support phishing and security awareness programs using KnowBe4 to help develop campaigns, track outcomes, and prepare short training sessions and follow-up communications for staff.
- Assist with vulnerability and configuration assessments on Windows endpoints and key SaaS services, documenting findings and tracking remediation efforts.
- Help respond to basic security incidents, such as suspected phishing, account compromise, or malware alerts, following documented playbooks and runbooks.
- Assist in documenting security procedures, checklists, and “how-to” guides designed for non-technical staff and volunteers.
- Participate in at least one focused project, such as improving 1Password usage, tightening M365 security baselines, or enhancing phishing simulations, that aligns with both your interests and the organization’s needs.
Learning Outcomes
- Explain and apply basic security principles in a nonprofit IT environment, including privilege, MFA, and secure password management.
- Use Microsoft Defender and related logs to identify and document common threats like phishing, malware, and suspicious sign-ins.
- Support the deployment and adoption of 1Password as an enterprise password manager to decrease password reuse and enhance credential hygiene.
- Learn how Cloudflare safeguards web assets and identify typical DNS problems in real-world scenarios.
- Assist in planning and executing security awareness and phishing campaigns that promote culture change instead of assigning blame.
Qualifications
- Currently pursuing an Associate’s, Bachelor's, or Master’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- Engaging in equivalent self-directed learning such as certificates or bootcamps.
- Solid understanding of networking, operating systems (especially Windows), and key security concepts like MFA, phishing, and least privilege.
- Knowledge of Microsoft 365 and fundamental cloud concepts.
- Interest in learning enterprise tools like Microsoft Defender, Cloudflare, and 1Password (prior experience is a plus but not required).
- Strong communication skills and patience when working with non-technical staff in a mission-driven environment.
- Proven reliability, confidentiality, and integrity in managing sensitive information.
Requirements
- Location: Fully Remote
- Pay Rate: $25.00 per hour. Since this is a temporary position, it is not eligible for benefits.
- This is a Part-Time Internship: 20-25 hours per week.
- Interns must have their own laptop and access to high-speed internet.
- Reports To: Jeff Gray, Director of IT Infrastructure & Cyber Security.
Company Description
Circular Action Alliance is an equal employment opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex (including pregnancy, childbirth, lactation, and related medical conditions), national origin, military or veteran status, sexual orientation, gender identity, age or any other category protected by applicable federal, state, or local law. If you require accommodation as part of the application process, please contact careers@circularaction.org.
This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.
Role Description
You’ll triage and remediate security alerts across Openly’s attack surface, build detection automations, and serve as a key security partner for our AI initiatives — including multi-agent platforms, LLM tools, and agentic API workflows.
Responsibilities
- Investigate and respond to security events; communicate findings to risk decision makers
- Build and maintain security tools, automations, runbooks, dashboards, and detection infrastructure
- Proactively hunt for threats and stay current on cybersecurity best practices
- Perform threat modeling and security architecture reviews for AI agent platforms
- Design security controls for identity flows (OAuth/OIDC, Okta, Auth0, Entra ID) within agentic systems
- Harden LLM gateways and MCP connectors against prompt injection, tool abuse, and token leakage
- Embed security into AI builds from design through deployment
Qualifications
- BS in Computer Science, IT, or equivalent experience
- 6+ years in technical roles; 4+ years in Security Engineering/Operations; 2+ years in an adjacent field (IT, DevOps, etc.)
- Broad security knowledge: endpoint, email, network, identity, cloud, vulnerability management, IR, threat intel
- Experience with EDR, MDR, SIEM, CSPM, and email security tools
- Securing AI systems and agentic workflows, including MCP security risks (prompt injection, tool abuse, unauthorized access)
- Securing multi-agent orchestration: agent delegation, tool-use layers, session data protection, guardrail enforcement
- Deep knowledge of OAuth 2.0/OIDC, token security, and IdP administration (Okta, Auth0, Google Workspace, Entra ID)
- Hardening human-in-the-loop workflows, async AI execution, and conversation memory stores
- Experience with GCP/AWS, Python, Terraform, and Git
Requirements
- Strategic thinking
- Clear communication
- Innovation
- Comfort with ambiguity
- Systems architecture
- Team mentorship
Benefits
- Remote-First Culture - We supported #remotelife long before it was a given. We'll keep promoting it.
- Competitive Salary & Equity
- Comprehensive Medical, Dental, and Vision Plan Offerings
- Life and disability coverage including voluntary options
- Parental Leave - up to 8 weeks (320 hours) of paid parental leave based on meeting eligibility requirements
- 401K Company Contribution - Openly contributes 3% of the employee's gross income, even if the employee does not contribute.
- Work-from-home stipend - We provide a $1,500 allowance to spend on setting up your home workplace
- Annual Professional Development Fund: Each employee has $2,000 in professional development (PD) funds to spend on activities or resources annually.
- Be Well Program - Employees receive $50 per month to use towards your overall well-being
- Paid Volunteer Service Hours
- Referral Program and Reward
Director of Cybersecurity
Sheetz, Inc
Sheetz is committed to the full inclusion of all qualified individuals. Sheetz is committed to considering all applicants regardless of disability who can perform all essential job duties with or without accommodations.
This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.
Role Description
This position offers a remote work arrangement while requiring occasional in-person attendance for business meetings and events. This position offers a base salary range of $147,081.00 - $245,138.00 per year, depending on experience and qualifications, plus bonus based on company performance.
One of the MANY work perks at Sheetz is quarterly employee bonuses based on company performance! And there’s more – A LOT more… like competitive salaries, PTO and parental leave, 401k match and employee stock ownership, limitless professional development and growth opportunities, tuition reimbursement, full medical, vision and dental coverage, and snack discounts!
Provides strategic leadership and enterprise oversight of cybersecurity programs enterprise wide. Establishes and executes the organization’s cybersecurity strategy, governance, risk, and compliance framework to protect company systems, data, and technology assets while enabling secure business growth. Partners with executive leadership to manage cyber risk, strengthen security posture, lead incident response, and promote a security-first culture aligned with organizational objectives.
Responsibilities
- Lead the development and implementation of the organization’s cybersecurity strategy, establishing cybersecurity governance, risk, and compliance (GRC) frameworks and policies.
- Proactively assess evolving cybersecurity and technology landscapes to stay ahead of emerging threats.
- Facilitate the execution of growth and technology strategies by ensuring that technology adoption is resilient and secure.
- Conduct internal assessments of compliance with cybersecurity policies and advise executive management on cybersecurity risk.
- Act as the primary liaison for external audits and coordinate logistics, access, and response with third-party auditors.
- Develop cybersecurity capabilities and talent in relation to emerging threats, laws and regulations, and organizational goals.
- Build relationships with senior business decision makers and engage to collaboratively define the risk appetite for the organization.
- Lead cybersecurity incident response (IR), including engagements with third-party entities and law enforcement.
- Be responsible for the effective use of cybersecurity assets and manage the cybersecurity budget.
- Foster a security-aware culture, collaborating with senior leaders to establish cybersecurity champions across the organization.
Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field required.
- Master’s degree in Information Security, Business Administration, or related discipline preferred.
- Minimum 10 years of progressive experience in cybersecurity, information security, or IT security required.
- Minimum 5 years of leadership or supervisory experience required.
- Experience leading enterprise cybersecurity programs, incident response, and risk management initiatives required.
- Experience in retail, multi-site operations, or highly distributed environments preferred.
- Experience presenting to executive leadership and board-level stakeholders preferred.
- Certified Information Systems Security Professional (CISSP) preferred.
- Certified Information Security Manager (CISM) preferred.
- Certified Information Systems Auditor (CISA) preferred.
- Certified in Risk and Information Systems Control (CRISC) preferred.
- GIAC certifications or equivalent preferred.
- Cloud security certifications (CCSP, AWS Security, Azure Security) preferred.
- General Office Equipment.
Accommodations
Sheetz is committed to the full inclusion of all qualified individuals. Sheetz is committed to considering all applicants regardless of disability who can perform all essential job duties with or without accommodations.

